You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Whilst this vulnerability may (or may not) impact docker-java, it will still be picked up by SCA tools and reported as being a potential problem.
There is a fix available and thus an upgrade of ${bouncycastle.version} should sort things out.
An upgrade to 1.67 will address the vulnerability, as well as CVE-2020-28052 (affects 1.65 and 1.67)
An upgrade to 1.70 will use the last version released of bcpkix-jdk15on
The latest version of bouncy castle is 1.73 (and addresses a security advisory that does not have a CVE). This would nessitate updating the component artifactId to bcpkix-jdk18on. See Latest Java Releases
The text was updated successfully, but these errors were encountered:
docker-java 3.3.0 has a transitive dependency on
bcprov-jdk15on1.66 viabcpkix-jdk15on1.66.The former has a vulnerability CVE-2020-15522
Whilst this vulnerability may (or may not) impact docker-java, it will still be picked up by SCA tools and reported as being a potential problem.
There is a fix available and thus an upgrade of
${bouncycastle.version}should sort things out.bcpkix-jdk15onbcpkix-jdk18on. See Latest Java ReleasesThe text was updated successfully, but these errors were encountered: